Lampion is back with ClickFix lures

Intel Name: Lampion is back with ClickFix lures

Date of Scan: May 7, 2025

Impact: Medium

Summary:
A newly uncovered targeted campaign has revealed the resurgence of the Lampion malware, focusing on Portuguese organizations in the government, finance, and transportation sectors. Active since 2019, Lampion now incorporates ClickFix lures—a social engineering tactic that tricks users into executing malicious commands disguised as system fixes. The campaign maintains previously observed TTPs, including obfuscated Visual Basic scripts and familiar infrastructure. Though the final payload was not deployed in this case, the full infection chain was identified, indicating potential for future attacks and underscoring the need for advanced threat detection.
